Privacy Policy
With this privacy policy, we, the Association Sport & Events Aletsch (hereinafter "we," "us," "our"), inform you about the personal data we process in connection with our www.enduro-aletsch.ch website and other offerings. In particular, we inform you which personal data we process, for what purpose, how, and where. This privacy policy also outlines the rights of individuals whose data we process.
​
For individual or additional offers and services, further privacy policies and other legal documents, such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions, may apply.
​
Our offerings are subject to Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as any applicable foreign data protection laws, such as the European Union (EU) General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.
​
1. Responsibility
The entity responsible for processing personal data is:
Verein Sport & Events Aletsch
Fieschertalstrasse 1
3984 Fiesch
bike@aletscharena.ch
We will indicate if there are other responsible parties for data processing in specific cases.​
​
Data Protection Contact Point
​
Our internal contact for data protection questions is as follows:
Joel Stucky
Association Sport & Events Aletsch
Fieschertalstrasse 1
3984 Fiesch
bike@aletscharena.ch
​
2. Processing of Personal Data
​
2.1 Definitions
Personal data includes all information that relates to an identified or identifiable natural person. A data subject is a natural person whose personal data is processed. Processing encompasses any handling of personal data, regardless of the methods and procedures used, including storing, disclosing, acquiring, collecting, deleting, saving, altering, destroying, and using personal data.
​
The European Economic Area (EEA) includes the European Union (EU) as well as Liechtenstein, Iceland, and Norway. The GDPR refers to the processing of personal data as the processing of personally identifiable information.
​
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Ordinance on the Federal Act on Data Protection (OFADP).
​
When the GDPR applies, we process personal data based on at least one of the following legal grounds:
-
Art. 6(1)(b) GDPR for necessary processing of personal data to fulfill a contract with the data subject and to conduct pre-contractual measures.
-
Art. 6(1)(f) GDPR for necessary processing of personal data to protect our or third parties' legitimate interests, provided that these do not override the fundamental freedoms, rights, and interests of the data subject. Legitimate interests include our interest in providing our offerings in a secure, reliable, user-friendly manner, promoting our services, ensuring information security, protecting against misuse and unauthorized use, asserting legal claims, and complying with Swiss law.
-
Art. 6(1)(c) GDPR for necessary processing of personal data to comply with a legal obligation to which we may be subject under applicable laws in EU/EEA member states.
-
Art. 6(1)(e) GDPR for necessary processing of personal data to perform a task in the public interest.
-
Art. 6(1)(a) GDPR for processing personal data based on the data subject's consent.
-
Art. 6(1)(d) GDPR for necessary processing of personal data to protect the vital interests of the data subject or another natural person.
​
2.3 Type, Scope, and Purpose
We process personal data as necessary to provide our offerings in a permanent, user-friendly, secure, and reliable manner. Such personal data may include, in particular, basic and contact data (e.g., name, mailing and email address, date of birth for volunteer applications), browser and device data, content data, metadata, usage data, location data, sales, contract, and payment data.
​
We retain personal data for as long as is necessary for the respective purpose or as legally required. Personal data that is no longer needed is anonymized or deleted. Data subjects whose data we process have the right to have their data deleted.
​
We generally process personal data only with the data subject's consent, unless processing is permissible for other legal reasons, such as fulfilling a contract with the data subject, safeguarding our overriding legitimate interests, when processing is evident from the circumstances, or following prior notification.
​
In this context, we specifically process information voluntarily provided by a data subject when contacting us by mail, email, contact form, social media, or phone or when registering for an account. If you provide us with third-party personal data, you must ensure that you have the third party’s consent and that the data provided is accurate.
​
The personal data we process may include contact requests by mail, phone, email, or website contact form, newsletter distribution, or volunteer applications.
​
We also process personal data (particularly contact data, credit card information, birth dates, nationality, and ticket purchase information) received from third parties (e.g., sponsors, ticketing providers) or obtained from publicly accessible sources if such processing is legally permissible.
​
2.4 Processing of Personal Data by Third Parties, Including Abroad
We may engage third parties to process personal data on our behalf, jointly process it with third parties, or transfer it to third parties. Personal data will only be shared if the data subject has explicitly agreed, if we are legally required, or if sharing is necessary for the use of our website, responding to contact inquiries, or another purpose specified in this privacy policy.
These third parties are primarily service providers whose services we use, mainly IT providers offering services like data storage and email distribution. Where legally required or requested by authorities, we may disclose personal data to other third parties, such as tax authorities.
Such third parties are typically located in Switzerland and the EEA (particularly Italy and Germany) but may also be in other countries that the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, when applicable, the European Commission deem to provide an adequate level of data protection. Exceptionally, a third party may be in a country without adequate data protection, provided that data protection requirements, such as the data subject’s explicit consent, are met.
​
3. Data Subject Rights
​
Data subjects whose personal data we process have the following rights, which can be exercised by email using the contact information provided in section 1.
​
-
The right to obtain information about stored personal data and its processing and, where applicable, a free confirmation as to whether we process their personal data.
-
The right to receive or transfer personal data in a machine-readable format.
-
The right to verify the accuracy of their data and, if necessary, to request its update or correction.
-
The right to have their personal data deleted ("right to be forgotten").
-
The right to restrict the processing of their data under certain circumstances.
-
The right to object to the processing of their data.
-
The right to revoke consent at any time, with effect for the future, and to object to the processing of their personal data.
​
Data subjects also have the right to lodge a complaint with a competent supervisory authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).
​
Please note that certain legal requirements and exceptions apply to these rights. In some cases, we may deny your request to exercise these rights if it is legally permissible, in which case we will inform you and explain why.
​
4. Data Security
​
We take reasonable and appropriate technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, processing personal data on the internet may have security gaps. We ensure that appropriate protection is in place to safeguard your data from misuse and to store your personal data securely in electronic and physical form, protecting it from unauthorized access, improper use, unauthorized alteration, and accidental loss.
​
Access to our online services is encrypted (SSL/TLS, typically indicated by a padlock icon in the browser address bar).
​
Access to our online services is subject to mass surveillance by security authorities, such as in Switzerland, the EU, the USA, and other countries. We have no direct influence over the data processing by security agencies.
​
When using contractors, we ensure adequate data protection through appropriate contractual agreements. Our contractors are obliged to process personal data exclusively on our instructions and implement technical and organizational measures for data security.
​
Our employees and contractors who have access to confidential information, including your personal data, are bound by confidentiality obligations.
​
Data Retention and Deletio
We retain personal data as long as it is necessary for the purpose for which it was collected. In the case of contracts, we retain personal data for at least the duration of the contractual relationship.
​
Deletion of personal data takes place at the end of statutory retention periods, or, if no such period exists, generally after ten years.
​
We may retain personal data longer if the data subject consents, as long as consent is not revoked, or if retention is necessary to fulfill legal obligations (e.g., accounting or tax requirements), by government order, in the context of legal proceedings, or for our legitimate interests.
​
5. Use of the Website
​
5.1 Cookies
We may use cookies. Cookies, whether first-party cookies or third-party cookies, are data stored in your browser. Such stored data is not limited to traditional cookies in text form and cannot execute programs or transmit malware like trojans or viruses.
​
Cookies may be stored temporarily in your browser as "session cookies" or for a defined period as "persistent cookies." Session cookies are automatically deleted when you close your browser. Persistent cookies have a specified storage duration. Cookies allow us to recognize your browser upon your next visit and to measure website reach. Persistent cookies may also be used for online marketing.
​
You can deactivate or delete cookies in your browser settings at any time. Without cookies, our website may not be available to its full extent. If necessary, we will ask for your explicit consent to use cookies.
​
For cookies used for success and reach measurement or advertising, a general opt-out is possible via AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
​
5.2 Server Log Files
We may collect the following information for each access to our website if transmitted by your browser to our server infrastructure or if our web server is able to determine it: date and time, including time zone; Internet Protocol (IP) address; access status (HTTP status code); operating system, including interface and version; browser, including language and version; accessed subpage of our website, including data transferred; and the last webpage visited in the same browser window (referrer).
​
We store such information, which may also be personal data, in server log files. This information is necessary to provide our online services in a stable, user-friendly, and secure manner and to ensure data security and, in particular, the protection of personal data—also when using third-party services.
​
5.3 Web Beacons
We may use web beacons on our website. Web beacons, also called tracking pixels, are small, usually invisible images that are automatically retrieved when visiting our website. With web beacons, the same information as in server log files can be collected.
​
6. Notifications and Communications
​
We send notifications and communications, such as newsletters, by email and through other communication channels.
​
6.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that detect whether a specific message was opened and which links were clicked. These web links and tracking pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of usage to measure success and reach, allowing us to offer notifications and communications that are effective, user-friendly, and tailored to the recipients' needs and reading habits in a stable, secure, and reliable manner.​
​
6.2 Consent and Objection
You generally need to provide explicit consent for the use of your email address and other contact details, unless the use is legally permitted for other reasons. For consent to receive emails, we use the "double opt-in" procedure whenever possible, meaning you receive an email with a link to click for confirmation, ensuring no unauthorized third party can misuse your email address. We may log such consent, including your IP address, date, and time, for evidence and security purposes.
​
You can unsubscribe from notifications and communications, such as newsletters, at any time. Unsubscribing also allows you to object to the statistical recording of usage for success and reach measurement. Notifications and communications that are essential to our services remain unaffected by unsubscribing.
​
7. Social Media
​
We are present on social media platforms and other online platforms to communicate with interested parties and inform them about our offerings. In doing so, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The General Terms and Conditions (GTC), Terms of Use, Privacy Policies, and other provisions of the respective operators of such online platforms apply. These provisions, in particular, provide information on the rights of data subjects, such as the right to access.
​
For our presence on Facebook, including the so-called Page Insights, we are, to the extent that the GDPR applies, jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide insights into how visitors interact with our Facebook presence. We use Page Insights to provide our Facebook social media presence in an effective and user-friendly manner.
​
Further information on the type, scope, and purpose of data processing, as well as on the rights of data subjects and contact details of Facebook and Facebook’s data protection officer, can be found in Facebook’s Privacy Policy. We have concluded the so-called “Controller Addendum” with Facebook, agreeing that Facebook is responsible for safeguarding the rights of data subjects. For information on Page Insights, please refer to the page "Information on Page Insights including "Information on Page Insights Data."
​
8. Third-Party Services
​
We use third-party services to provide our offerings in a stable, user-friendly, secure, and reliable manner. Such services may also embed content into our website. These services—such as hosting and storage services, video services, and payment services—require your Internet Protocol (IP) address, as these services cannot transmit content without it.
​
For their own security-related, statistical, and technical purposes, third parties whose services we use may also process data in connection with our offerings, as well as data from other sources, including through cookies, log files, and web beacons, in an aggregated, anonymized, or pseudonymized manner.
​
We specifically use:
​
-
Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general data protection information: "Privacy and Security Principles," Privacy Policy, "Google is committed to complying with applicable data protection laws," "Privacy Guide for Google Products," "How we use data from sites or apps that use our services" (information from Google), "How Google uses cookies," "Personalized Advertising" (activation / deactivation / settings).
​
8.1 Digital Infrastructure
We use third-party services to obtain the necessary digital infrastructure for our offerings. This includes hosting and storage services from specialized providers.
​
In particular, we use:
​
-
Wix: Hosting; provider: Wix Online Platforms Limited, 1 Grant’s Row, Dublin 2 D02HX96, Ireland; privacy information: Privacy Policy, "Wix.com Privacy Policy."
​
8.2 Social Media Functions and Content
We use services and plugins from third parties to embed functions and content from social media platforms and to enable sharing of content on social media platforms and other channels.
​
In particular, we use:
​
-
Facebook (Social Plugins): Embedding of Facebook functions and content, such as "Like" and "Share"; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); privacy information: Privacy Policy.
-
Instagram Platform: Embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
​
8.3 Audiovisual Media
We use services from third parties to enable the direct playback of audiovisual media, such as music or videos, on our website.
​
In particular, we use:
​
-
Vimeo: Videos; provider: Vimeo Inc. (USA); privacy information: "Privacy," Privacy Policy.
-
YouTube: Videos; provider: Google (including in the USA); YouTube-specific privacy information: "Privacy and Security Center," "My Data on YouTube."
-
​
9. Website Extensions
​
We use extensions on our website to enable additional functionality.
​
In particular, we use:
​
-
Google reCAPTCHA: Spam protection (distinguishing between desired comments from humans and unwanted comments from bots as well as spam); specific privacy information on Google reCAPTCHA: "What is reCAPTCHA?"
​
10. Success and Reach Measurement
​
We use services and programs to determine how our online offerings are used. In this context, we may measure the success and reach of our online offerings as well as the impact of third-party links to our website. We may also conduct tests and comparisons of different versions of our online offerings or parts of our online offerings ("A/B testing"). Based on the results of success and reach measurement, we can fix errors, strengthen popular content, or make improvements to our online offerings.
​
When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (IP masking) to enhance the privacy of website visitors and to comply with data minimization principles.
​
When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles include, for example, the pages visited or the content viewed on our website, screen or browser window size, and approximate location. User profiles are generally created in pseudonymized form. We do not use user profiles to identify individual visitors to our website. However, specific services in which users are logged in may link the use of our online offerings to the user’s profile on the respective service, provided that the user has given consent to this linkage.
​
In particular, we use:
​
-
Google Analytics: Success and reach measurement; specific privacy information on Google Analytics: measurement across browsers and devices (cross-device tracking) with pseudonymized Internet Protocol (IP) addresses, which are only transferred fully to Google in the USA in exceptional cases; "Privacy," "Browser Add-on to disable Google Analytics."
-
Google Tag Manager: Integration and management of other services for success and reach measurement as well as other Google and third-party services; specific privacy information on Google Tag Manager: "Data collected through Google Tag Manager"; further privacy information can be found in the respective services integrated and managed.
​
11. Final Provisions
​
We may amend or supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website.
​
Effective Date: 15.05.2024
​
Copyright © Verein Sport & Events Aletsch 2024 - All information provided without guarantee – Subject to errors and changes.